
HTAdmin now reads apache hashes with md5

Stefan Ostermann 7 years ago
parent
commit
aaef8fc79d

+ 4 - 1
sites/html/htadmin/login.php

@@ -7,9 +7,12 @@ $ini = read_config();
 if (isset ( $_POST ['user'] ) && isset ( $_POST ['password'] )) {
 	$username = $_POST ['user'];
 	$password = $_POST ['password'];
+	
+	$hash_tool = new crypt_hash_tool();
+	
 
 
-	if ($username == $ini['admin_user'] && htpasswd::check_password_hash($password,$ini['admin_pwd_hash'])) {
+	if ($username == $ini['admin_user'] && $hash_tool->check_password_hash($password,$ini['admin_pwd_hash'])) {
 		$_SESSION ['login'] = true;
 		header ( 'LOCATION:index.php' );
 		die ();
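Review bot: The login check hard-codes `new crypt_hash_tool()`, while the same commit adds `htpasswd::create_hash_tool()` to pick the verifier from the stored hash's prefix, so an `admin_pwd_hash` in `$apr1$` format would go through the two-character-salt crypt path and never match. Selecting the tool from the configured hash keeps both login paths consistent: `$hash_tool = htpasswd::create_hash_tool($ini['admin_pwd_hash']);` (this assumes login.php already includes htpasswd.php, which the hunk does not show). The username test on the changed line uses loose `==`; `===` avoids PHP's type-juggling comparisons on a value taken straight from `$_POST`, provided `read_config()` returns the configured name as a string. The `if` body continues past the end of the hunk.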

+ 70 - 0
sites/html/htadmin/tools/hash_tool.php

@@ -0,0 +1,70 @@
+<?php
+
+interface i_password_hash_tool {
+		public function check_password_hash($password, $hash);
+		public function crypt($password);
+	}
+	
+	class md5_hash_tool implements i_password_hash_tool {
+		
+		public function check_password_hash($password, $hash) {
+			$passParts = explode('$', $hash);
+            $salt = $passParts[2];
+            $hashed = $this->crypt_apr_md5($password, $salt);
+            return $hashed == $hash;
+		}
+		
+		public function crypt($password) {
+				
+		}
+		
+		protected function crypt_apr_md5($password, $salt)
+		{
+			$len = strlen($password);
+			$text = $password.'$apr1$'.$salt;
+			$bin = pack("H32", md5($password.$salt.$password));
+			for($i = $len; $i > 0; $i -= 16) { $text .= substr($bin, 0, min(16, $i)); }
+			for($i = $len; $i > 0; $i >>= 1) { $text .= ($i & 1) ? chr(0) : $password{0}; }
+			$bin = pack("H32", md5($text));
+			for($i = 0; $i < 1000; $i++) {
+				$new = ($i & 1) ? $password : $bin;
+				if ($i % 3) $new .= $salt;
+				if ($i % 7) $new .= $password;
+				$new .= ($i & 1) ? $bin : $password;
+				$bin = pack("H32", md5($new));
+			}
+			$tmp = '';
+			for ($i = 0; $i < 5; $i++) {
+				$k = $i + 6;
+				$j = $i + 12;
+				if ($j == 16) $j = 5;
+				$tmp = $bin[$i].$bin[$k].$bin[$j].$tmp;
+			}
+			$tmp = chr(0).chr(0).$bin[11].$tmp;
+			$tmp = strtr(strrev(substr(base64_encode($tmp), 2)),
+			"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",
+			"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz");
+			return "$"."apr1"."$".$salt."$".$tmp;
+		}
+		
+
+		
+	}
+	
+	class crypt_hash_tool implements i_password_hash_tool {	
+		public function check_password_hash($password, $hash) {
+			$salt = substr ( $hash, 0, 2 );
+			if (crypt ( $password, $salt ) == $hash) {
+				return true;
+			} else {
+				return false;
+			}
+		}
+		
+		public function crypt($password) {
+			return crypt ( $password, substr ( str_replace ( '+', '.', base64_encode ( pack ( 'N4', mt_rand (), mt_rand (), mt_rand (), mt_rand () ) ) ), 0, 22 ) );
+		}
+	}
+	
+	
+?>
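Review bot: Both `check_password_hash` implementations compare the computed and stored hashes with loose `==`, which is not constant-time and is subject to PHP's numeric-string juggling; `hash_equals()` is the comparison meant for secrets, e.g. `return hash_equals($hash, (string) crypt($password, $salt));` in `crypt_hash_tool`. `md5_hash_tool::check_password_hash` also reads `$passParts[2]` without checking that the stored value splits into the four `$`-separated fields of an apr1 hash, so a truncated entry is hashed with a null salt; the fence below rejects malformed input before hashing. `md5_hash_tool::crypt()` has an empty body and returns null, so a caller that stores its result would write an empty hash, and throwing until it is implemented would fail loudly instead. `$password{0}` in `crypt_apr_md5` is the curly-brace offset syntax that PHP 8 removed; `$password[0]` is equivalent. The salt in `crypt_hash_tool::crypt()` comes from `mt_rand()`, which is not a CSPRNG; `random_bytes()` is the usual source where the PHP version allows it.

```php
public function check_password_hash($password, $hash) {
	$passParts = explode('$', $hash);
	// An apr1 hash has the shape $apr1$<salt>$<digest>: four fields after the split.
	if (count($passParts) !== 4 || $passParts[1] !== 'apr1') {
		return false;
	}
	$hashed = $this->crypt_apr_md5($password, $passParts[2]);
	return hash_equals($hash, $hashed);
}
```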

+ 16 - 8
sites/html/htadmin/tools/htpasswd.php

@@ -1,5 +1,6 @@
 <?php
 include_once ("model/meta_model.php");
+include_once ("hash_tool.php");
 /**
  * htpasswd tools for Apache Basic Auth.
  *
@@ -117,17 +118,20 @@ class htpasswd {
 		rewind ( $this->fp );
 		while ( ! feof ( $this->fp ) && $userpass = explode ( ":", $line = rtrim ( fgets ( $this->fp ) ) ) ) {
 			$lusername = trim ( $userpass [0] );
-			$hash = $userpass [1];
+			$hash = trim ($userpass [1] );
 			
 			if ($lusername == $username) {
-				return (self::check_password_hash ( $password, $hash ));
+				$validator = self::create_hash_tool($hash);
+				return $validator->check_password_hash($password, $hash);
 			}
 		}
 		return false;
 	}
+	
 	function user_delete($username) {
 		return self::delete ( @$this->fp, $username, @$this->filename );
 	}
+	
 	function meta_delete($username) {
 		return self::delete ( @$this->metafp, $username, @$this->metafilename );
 	}
@@ -183,13 +187,17 @@ class htpasswd {
 	static function htcrypt($password) {
 		return crypt ( $password, substr ( str_replace ( '+', '.', base64_encode ( pack ( 'N4', mt_rand (), mt_rand (), mt_rand (), mt_rand () ) ) ), 0, 22 ) );
 	}
-	static function check_password_hash($password, $hash) {
-		$salt = substr ( $hash, 0, 2 );
-		if (crypt ( $password, $salt ) == $hash) {
-			return true;
+
+	
+	static function create_hash_tool($hash) {
+		if (strpos($hash, '$apr1') === 0) {
+			return new md5_hash_tool();
 		} else {
-			return false;
+			return new crypt_hash_tool();
 		}
 	}
-}
+		
+}	
+	
+
 ?>
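Review bot: `create_hash_tool` sends every hash that does not start with `$apr1` to `crypt_hash_tool`, which uses only the first two characters as salt, so entries in other htpasswd formats (bcrypt `$2y$`, `{SHA}`) would presumably never verify, and the user gets a plain login failure with no hint that the format is unsupported. A docblock should state this, for example `/** Returns the verifier for $hash: md5_hash_tool for $apr1$ hashes, crypt_hash_tool for everything else (other formats are not supported). */`, and the prefix test is tighter as `strpos($hash, '$apr1$') === 0`. In the password-check loop of the second hunk, `trim ($userpass [1] )` still reads index 1 on lines without a colon (a blank or trailing line); `if (count($userpass) < 2) { continue; }` before it would skip those. Removing the static `htpasswd::check_password_hash` also breaks any caller outside this diff that still uses it; only login.php is visibly updated. The class and the function containing that loop both start outside the hunks shown.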